Cyberattack on aviation systems exposes vulnerabilities in Europe’s airports as passengers face delays and disruptions
A cyberattack targeting check-in and boarding systems disrupted air traffic at several of Europe’s busiest airports on Saturday, leaving passengers facing long queues, cancelled flights and handwritten baggage tags. While the impact on travellers was contained within hours, the incident has raised serious concerns about the aviation industry’s reliance on shared digital systems and its vulnerability to cyber threats.
The attack struck overnight on Friday, 19 September, targeting the service provider for airport check-in and boarding systems. Brussels, Berlin and London Heathrow airports confirmed problems, forcing airlines to switch to manual processes for checking in passengers and processing baggage. Other European hubs reported they were unaffected.
Brussels Airport said the disruption initially had a “large impact” on flight schedules. “There was a cyberattack on Friday night against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” a spokesperson said. By mid-morning on Saturday, nine flights had been cancelled, four diverted to other airports and 15 delayed by an hour or more.
Berlin’s Brandenburg Airport reported difficulties early in the day, although by late morning officials said no flights had yet been cancelled as a direct result. Operators cut connections to the affected systems as a precaution. At London’s Heathrow Airport, Europe’s busiest, the disruption was described as “minimal”, with no cancellations directly attributed to the issue, though officials declined to specify the number of delayed flights.
The problem centred on Collins Aerospace, a subsidiary of RTX Corp., formerly Raytheon Technologies. Its MUSE (Multi-User System Environment) software, used by airlines at multiple airports to manage passenger check-in, print boarding passes and dispatch luggage, suffered what the company called a “cyber-related disruption” at selected locations.
“We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible,” Collins said in a statement. “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations.”
For many travellers, the disruption translated into hours of queuing. With airlines having reduced staff at traditional counters in favour of self-service kiosks, the sudden switch back to manual processes caused bottlenecks.
Maria Casey, travelling to Thailand from Heathrow’s Terminal 4, described her frustration: “They had to write our baggage tabs by hand. Only two desks were staffed, which is why we were cheesed off. We spent three hours at baggage check-in.”
Airports apologised to passengers and advised them to monitor flight status updates closely.
While the precise origin of the cyberattack remains unclear, experts said the incident exposed weaknesses in aviation’s digital infrastructure. Travel analyst Paul Charles said he was “surprised and shocked” by the attack. “It’s deeply worrying that a company of that stature, who normally have such resilient systems in place, has been affected. This is a very clever cyberattack indeed because it’s hit multiple airlines and airports at the same time — not just one. The perpetrators got into the core system that enables airlines to check in passengers at different desks and airports around Europe.”
Cybersecurity specialists said the aviation sector is increasingly attractive to attackers because of its reliance on shared third-party systems. Charlotte Wilson, head of enterprise at Check Point, said: “These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once. When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”
James Davenport, professor of information technology at the University of Bath, suggested the motivation may not have been financial. “It looks almost more like vandalism than extortion, based on the information we have. Significant new details would need to emerge to change that view.”
The attack highlights the risks facing airlines and airports as they increasingly depend on outsourced digital systems to manage passenger flows. Analysts say this trend improves efficiency under normal circumstances but creates vulnerabilities that can be exploited by cybercriminals, criminal syndicates or hostile states.
Although the immediate impact was limited, the disruption has renewed calls for the aviation industry to strengthen resilience against cyberattacks. The incident also underlined the potential for cascading effects: a single system breach at one supplier caused knock-on problems at several airports simultaneously.
For now, airports say they have restored most services, but experts warn that Saturday’s disruption may serve as a wake-up call. “The aviation industry is one of the most interconnected systems in the world,” Wilson said. “Protecting it requires collaboration and vigilance at every level — from airports and airlines to the companies providing the technology behind the scenes.”
As passengers returned to their journeys by Saturday evening, the incident left behind both inconvenience and unease — a reminder that in an era of digital dependence, even a holiday check-in desk can become a front line in the battle against cybercrime.